Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.42 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVE-2024-3708

A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1. cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior cou...

CVE-2024-3708

...

Apache Tomcat 8.0.0 < 8.0.0-RC3 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.0-RC3. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.0-rc3security-8 advisory. - Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web...

Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.51security-8 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to...

Apache Tomcat 9.0.0.M1 < 9.0.0.M13 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m13security-9 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x befor...

Apache Tomcat 7.0.0 < 7.0.73 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.73. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.73security-7 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...

Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.39security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-gunicorn) security update

An update for python-gunicorn is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-gunicorn) (RHSA-2024:2727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2727 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...

CVE-2023-37929

CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...

Zyxel VMG3625-T50B 安全漏洞

The Zyxel VMG3625-T50B is a WiFi device from China's Heqin Technology Zyxel. A security vulnerability exists in the Zyxel VMG3625-T50B V5.50ABPM.8C0 firmware version, which originates from a CGI program that contains a buffer overflow vulnerability that could allow an authenticated, remote attack...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 9 : nodejs (RHSA-2024:2910)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2910 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...